L0Rd

**Name of the Vulnerable Software and Affected Versions** yTakkar Instagram-clone through 2018-04-23 **Description** The issue is related to inadequate XSS protection based on preg replace, allowing for XSS via an onmouseover payload in the edit requests.php file. **Recommendations** For yTakkar Instagram-clone through 2018-04-23, consider implementing a more robust XSS protection mechanism to prevent such attacks. As a temporary workaround, restrict access to the edit requests.php file to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Firebase Cloud Messaging (FCM) + Advance Admin Panel versions prior to 2017-10-26 **Description** The issue allows SQL injection via the "/advance push/public/login" API endpoint, specifically through the `username` parameter. This could potentially lead to unauthorized access to sensitive data. **Recommendations** For versions prior to 2017-10-26, as a temporary workaround, consider restricting access to the "/advance push/public/login" API endpoint to minimize the risk of exploitation. Avoid using the `username` parameter in this endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Brynamics Online Trade (affected versions not specified) **Description** The issue allows remote attackers to obtain sensitive information by making a direct request for the "/dashboard/deposit" API endpoint. This could potentially lead to the discovery of database credentials. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** ShopNx versions through 2017-11-17 **Description** The issue allows a remote attacker to upload malicious files to a Node.js application. An attacker can upload a malicious HTML file containing a JavaScript payload to steal a user's credentials. **Recommendations** For versions through 2017-11-17, consider restricting file upload capabilities to prevent malicious file uploads until a fix is available. As a temporary workaround, restrict access to file upload functionality to minimize the risk of exploitation.